Data protection

Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with Real Cookie Banner

Our website uses the consent technology of Real Cookie Banner to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is

devowl.io GmbH, Tannet 12, 94539 Grafling, Germany

Persons authorized to represent the company: Matthias Günter and Jan Karres

(hereinafter referred to as "Real Cookie Banner").

When you enter our website, a connection is established to the Real Cookie Banner servers in order to obtain your consent and other declarations regarding the use of cookies. Real Cookie Banner then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Real Cookie Banner cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Real Cookie Banner is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

You can find out more about the data processed through the use of Real Cookie Banner in the privacy policy at https://devowl.io/de/datenschutzerklaerung/.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Weglot

Functions of the Weglot translation service are integrated on this website. The provider is Weglot SAS, 138, rue Pierre Joigneaux in Bois-Colombes 92270 France. Weglot is loaded when you access the website so that you can change the language to a language other than German using the language icon in the header of the website. This allows a direct connection to be established between your browser and the Weglot server when you visit this website. Weglot then receives the information that you have visited this website with your IP address. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. A corresponding consent is requested via the cookie and data protection settings of the website. The processing is then carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time via the data protection settings at the bottom of each subpage. Further information on this can be found in Weglot's privacy policy: https://weglot.com/privacy/.

Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

You can find more information on this in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google AdSense

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Adsense, we can display targeted advertisements from third-party companies on our website. The content of the advertisements is based on your interests, which Google determines based on your previous user behavior. Furthermore, contextual information such as your location, the content of the website you have visited or the Google search terms you have entered are also taken into account when selecting the appropriate advertisement.

Google AdSense uses cookies, web beacons (invisible graphics) and similar recognition technologies. This allows information such as visitor traffic on these pages to be analyzed.

The information collected by Google Adsense about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

We use the Brevo tool to send newsletters:

What is Brevo?

You can subscribe to our newsletter free of charge on our website. To ensure that this works, we use the e-mail delivery service Brevo for our newsletter. This is a service provided by the German company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. Brevo is, among other things, an e-mail marketing tool with which we can send you customized newsletters. With Brevo, we don't have to install anything and can still draw from a pool of really useful functions. In the following, we will take a closer look at Brevo's e-mail marketing service and inform you about the most important aspects relevant to data protection.

Why do we use Brevo?

The newsletter service also offers us helpful analysis options. This means that when we send out a newsletter, we find out, for example, whether and when the newsletter was opened by you. The software also recognizes and records whether and on which link you click in the newsletter. This information helps us enormously to adapt and optimize our service to your wishes and concerns. After all, we naturally want to offer you the best possible service. In addition to the data already mentioned above, data about your user behavior is also stored.

What data is processed by Brevo?

We would of course be delighted if you would subscribe to our newsletter. This enables us to keep you up to date with what's going on in our company. However, you should know that when you register for the newsletter, all the data you enter (such as your e-mail address or your first name and surname) will be stored and managed on our server and at Brevo. This also involves personal data. For example, in addition to the time and date of registration, your IP address is also stored. During the registration process, you also consent to us sending you the newsletter and reference is also made to this privacy policy. Furthermore, data such as click behavior in the newsletter may also be processed.

How long and where is the data stored?

The data for the newsletter tool is stored on servers in Germany. The data collected that makes you identifiable as a person (i.e. personal data) will generally be deleted by Brevo no later than two years after the end of the contractual relationship with us. However, you can also request the deletion of your data individually at any time. Requests will be processed within 30 days. Data that we collect and send to Brevo will be deleted as soon as you unsubscribe from our newsletter.

Right of objection

You can cancel your newsletter subscription at any time. All you have to do is withdraw your consent to the newsletter subscription. This usually only takes a few seconds or one or two clicks. You will usually find a link to cancel your newsletter subscription at the end of every email. If you really cannot find the link in the newsletter, please contact us by e-mail and we will cancel your newsletter subscription immediately. After unsubscribing, the personal data will be deleted from our server and from the Brevo servers, which are located in Germany. You have a right to free information about your stored data and, if necessary, a right to deletion, blocking or correction.

Legal basis

Our newsletter is sent by Brevo on the basis of your consent (Article 6(1)(a) GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. If consent is not required, the newsletter will be sent on the basis of our legitimate interest in direct marketing (Article 6(1)(f)), insofar as this is permitted by law. We record your registration process so that we can always prove that it complies with our laws.

If you would like more information about data processing, we recommend that you read the company's privacy policy at https://www.brevo.com/de/legal/privacypolicy/.

Sending newsletters to existing customers

If you order goods or services from us and provide us with your e-mail address, this e-mail address may subsequently be
subsequently be used by us to send you newsletters, provided that we inform you of this in advance.
inform you of this in advance. In such a case, the newsletter will only be used to send direct advertising for
own similar goods or services. You can unsubscribe from this newsletter at any time.
unsubscribe at any time. There is a corresponding link in every newsletter for this purpose.
In this case, the legal basis for sending the newsletter is Art. 6 para. 1 lit. f GDPR in conjunction
with § 7 para. 3 UWG.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us in a
blacklist to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest
as well as our interest in complying with the legal requirements when sending newsletters
(legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time.
not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
outweigh our legitimate interest.

YouTube with enhanced data protection

This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize browsing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. There is no connection to Google servers. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

OpenStreetMap

We use the OpenStreetMap (OSM) map service. We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Center, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a safe third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. Among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Hotel booking process

As part of the hotel booking process, whether online on one of our websites, via an online booking channel, or directly at the hotel, your personal data will be processed for the purpose of (i) enabling you to make a room reservation at our hotel; (ii) checking the availability of the hotel and managing the booking; (iii) sending you a booking confirmation; and (iv) sending you pre-arrival emails. You can unsubscribe from the pre-booking emails at any time prior to arrival by clicking on the unsubscribe link in the emails sent to you.

Categories of processed data

Booking information (including details of special requests), arrival and departure dates, e-mail address, telephone number, first name/surname, payment card number, card verification number and expiration date and name of the cardholder.

Data source

Depending on the booking mechanism used:

– Directly from you via the online booking form

– Via the online booking channel you used to make the booking

– Direct bookings at the hotel

Basis for processing

Processing is necessary in order to take steps to enter into and perform a contract. The legal basis for this is Art. 6 para. 1 lit. b GDPR.

The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Data transmission upon conclusion of the contract and the recipients of data

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution responsible for processing payments.

Any further transmission of the data will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The categories of recipients are listed below:

– Hotel's own authorized employees

– IT service providers involved in the (online) booking process

– IT service provider

– E-mail communication service provider

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Satisfaction surveys

We can provide you with guest surveys during or after your stay at check-out.

OPTIONAL: or send by email so that we can measure the performance of our hotels. You can unsubscribe from our customer satisfaction survey emails at any time by clicking on the unsubscribe link in the emails sent to you.

Categories of processed data

The questionnaire is anonymous and does not require you to provide any personal data.

OPTIONAL Country of residence, arrival and departure dates, e-mail address, first name/last name, nationality, details of stay

Data source

Depending on the booking mechanism used:

– Directly from you

Basis for processing

Processing is carried out to ensure performance. The basis for data processing is Art. 6 para. 1 lit. f GDPR.

Recipients of data

– Hotel's own authorized employees

Check-in and check-out at the hotel

When staying at our hotel, we will collect and process your personal data to (i) register your arrival and departure at the hotel; (ii) assign you a key card to your room; (iii) obtain a credit card guarantee or hotel deposit to guarantee payment for your stay; (iv) manage for a room upgrade; (v) manage payment for your stay; (vi) generate, print or send invoices for your stay.

If you have booked a room in one of our hotels but do not show up on the day of arrival without canceling it, we will process your personal data for the purpose of (i) canceling your stay and any other reservation you have made; and (ii) managing, processing and settling any outstanding payments.

Categories of processed data

Bookings (hotel, restaurant, events, etc.), arrival and departure dates, e-mail address, first name/surname, address, payment card type, number and expiration date, telephone number.

Data source

Depending on the booking mechanism used:

– Directly from you through the booking form

– Via the online booking channel you used to make the booking

– Direct bookings at the hotel

Basis for processing

The processing is necessary to execute the contract you have with us. The basis for data processing is Art. 6 para. 1 lit. b GDPR.

Recipients of data

– Hotel's own authorized employees

– possibly IT service provider

Hotel stay

When you stay at one of our hotels, we strive to make your stay as pleasant as possible. This requires the processing of your personal data for the provision of specific services during your hotel stay. These services include (i) housekeeping and maintenance; (ii) returning lost or forgotten items to you; and (iii) managing your preferences and those of your companions, such as dietary requirements and pillow preferences, in order to provide you with a better service during your stay with us.

Categories of processed data

Address, consumption habits, arrival and departure dates, dietary requirements, e-mail address, first name/last name, other preferences, payment information (for the return of lost or forgotten items), telephone number.

Data source

Depending on the booking mechanism used:

– Directly from you through the booking form

– Via the online booking channel you used to make the booking

- Directly from you, during your stay at the hotel

Basis for processing

It is the legitimate interest of aZIS Hotel Betriebs GmbH to organize its daily hotel maintenance activities, to personalize the services offered and to be able to identify the owner of a lost or forgotten item. Taking into account the limited personal data processed and shared for this purpose, the business interests of aZIS Hotel Betriebs GmbH take precedence over your own.

Recipients of data

– Hotel staff, including housekeeping, maintenance, reception and other hotel staff

– IT service provider

– Delivery or courier service provider (for the return of lost or forgotten items)

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.

Hotelnetsolutions

We use the online booking system OnePageBooking from the provider Hotelnetsolutions on our website. Your data will be transmitted to HotelNetSolutions GmbH
Genthiner Str. 8
10785 Berlin
Phone +49(0)30 - 770 193 000
Fax +49(0)30 - 770 193 050
E-mail: info@hotelnetsolutions.de
Internet: www.hotelnetsolutions.de transmitted. Hotelnetsolutions is prohibited from selling your data and using it for purposes other than the booking process in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Hotelnetsolutions. Your data is transmitted via an encrypted SSL connection. You can find more information about Hotelnetsolutions' data protection here:

Data protection - HotelNetSolutions GmbH

Payment methods / payment service providers are offered on our website that enable cashless payment transactions via Hotelnetsolutions and associated partners, such as Payone AG. Payone acts as an acquirer and takes over the secure forwarding and settlement of credit card transactions with international credit card companies (so-called "schemes", such as American Express, Masertercard, Masertercard, etc.). Schemes, such as American Express, Masertercard, VISA, CUP, Diners, Discover, JCB)

Handling applicant data

We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Data may also be stored for longer if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool

If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

Status: January 2025